Many users have spotted that Windows 10 Anniversary Update downloads and installs some games and apps automatically. Without the user even opening the Store, or asking for his or her permission, the operating system installs some apps like Candy Crush Soda Saga, Minecraft: Windows 10 edition, Flipboard, Twitter and some other apps. Earlier, you could prevent Windows 10 from installing them using a Registry Tweak, but it does not work any more in version 1607 "Anniversary Update". Here is the alternative way to prevent these apps from installing.
The Windows 10 version 1607 Anniversary Updates includes a feature that automatically installs apps from the Windows Store because it wants to promote some of them. These apps are installed for the currently signed-in user. When you are connected to the internet, Windows 10 will download and install a number of Store apps automatically. The Tiles for these Metro apps or Universal apps suddenly show up in the Windows 10 Start Menu with a progress bar indicating that they're being downloaded. After they finish installing they show up in the Recently installed section of the Start menu:
- Press Win + R shortcut keys together on the keyboard to open the Run dialog.
- In the Run box, type the following:
secpol.msc
- The Local Security Policy app will appear on the screen.
- Select Application Control Policies in the left, then click Applocker.
- Click Packaged app Rules:
- Right click the right pane and select Create new rule:
- The Create new rule wizard will be opened. Click Next to open its next page:
- On the Permissions page, set Action to Deny, leave User or Group as Everyone:
- Click Next, then click Use an installed packaged app as a reference -> Select:
- In the app list, select Windows Spotlight(Microsoft.Windows.ContentDeliveryManager) and click OK:
- Move the slider to the Package Name option as shown below, then click Create:
That's it! Note that already downloaded content in the tiles wont go away after this Applocker rule, however, there will not be any new content after this. You can remove existing unwanted apps. All you need to do is right click their tiles and remove them, they won't coming back. Credits: dobbelina@MDL.
To restore the default behavior, you need to remove the rule in Local Security Policy you created.
A side effect of this AppLocker rule restriction might be that the Windows Spotlight feature which shows random images on the Lockscreen will not work. But this issue is very minor, since you can still change your Lock screen background to a custom image or to a slideshow.
Update: if the trick described above has no effect for you, please try another method mentioned in the following article:
Fix: Windows 10 installs apps like Candy Crush Soda Saga automatically
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
It’s kind of shame that is has come down to having to go to such lengths to try and retain some control.
Putting aside all the tales of the telemetry and privacy woes, I have been trying to like Windows 10 for the last 8 months. But for every one thing that I do like about Windows 10, there are two things that I don’t like.
I am glad there are people like you to offer us novice PC users a place we can visit and better educate ourselves.
It’s a shame because people use Windows 10 anyway. Nobody is forcing them to use such a crap OS. If everyone stays with Windows 7, Microsoft will be forced to comply just like they had to with Windows 8 and 8.1.
Sticking with Windows 7 isn’t necessarily feasible anymore. Apart from the fact that new installs are a complete pain due to the hours it takes to find update (let alone download and install them), it lacks support for a lot of new hardware and is a dead-end system as updates will be completely unavailable when support ends in 2020. Moving to something newer is just sensible future-proofing, and since Linux still has too many issues with software availability and support for a lot of people, Windows 10 is the only real option.
Learning how to beat Windows 10 into submission via all these tweaks is the price one pays for not having to deal with the alternatives.
Don’t get me wrong, I am not against tweaks. But I think it is perfectly feasible to continue using Windows 7 or 8.1. The need to move to Windows 10 is entirely self-created by you. All the changes in Windows 10 are bad. Winaero already showed you how to make update checking on Windows 7 fast: https://winaero.com/blog/fix-windows-update-stuck-on-checking-for-updates/. At present Windows 7 doesn’t lack support for new hardware except the DPI scaling sucks for high res displays and it lacks Bluetooth 4.0 support. Windows 8.1 has these two with an experience highly similar to Windows 7 once you do some third-party fixes. Moving to Windows 10 is like hurting yourself. :)
What can i do if i don’t have secpol.msc in Windows 10 Home?
I was waiting for this question.
Let me see if I can repeat these steps without it.
Try this tweak (not tested yet)
—-
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\SystemCertificates]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\32095775-5197-4f30-8cd8-990a7f2be3b7]
"Value"="<FilePublisherRule Id=\"32095775-5197-4f30-8cd8-990a7f2be3b7\" Name=\"Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation\" Description=\"\" UserOrGroupSid=\"S-1-1-0\" Action=\"Deny\"><Conditions><FilePublisherCondition PublisherName=\"CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US\" ProductName=\"Microsoft.Windows.ContentDeliveryManager\" BinaryName=\"*\"><BinaryVersionRange LowSection=\"*\" HighSection=\"*\"/></FilePublisherCondition></Conditions></FilePublisherRule>"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Dll]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Msi]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Script]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}User]
What do all those registry entries mean ?
To me it’s just a list of entries, am I missing something ?
o_0
It is a group policy object for the Local Policy rule described in the article.
It is not “just list of entries”.
You can save it as a *.reg file and apply, as Toshik requested.
I get it, I cut and paste into notepad, and name as a .reg file, and run ?
Thanks for that:)
Yep.
Wow thanks for this! I was just about to ask for it and what would you know some genius has already posted it. Good looks.
Unfortunately when I try to run the .reg file all I get is:
The specified file is not a registry script.
Your can only import binary registry files from within the registry editor.
The above .reg hack works. You must include the line “Windows Registry Editor Version 5.00, just as it is above”. The first time I tried this I wasn’t sure and left that line out, and got the error stated. But after I included it to let the registry know what I was importing, it worked fine. I guess this type of header statement is required to import registry data.
Get a Mac or have zero privacy on virus riddled, annoying windows. MS-SUX!
even if so there are other alternatives than paying 2x the price for the logo.
Apple sucks for its own completely separate list of reasons, and I always have to point out to people that the ONLY reason why Apple computers do not get many viruses is because of their relatively small market share. It’s been shown time and time again that their actual infrastructure and technology for responding to threats is vastly inferior to Microsoft’s. The only reason for the perceived advantage is because so few people are using Apple laptops comparatively, and for that reason they are rarely targeted. Therefore if we all suddenly went out and bought Apple laptops, we’d be much worse off in three months when the malware industry caught up and started writing their crap to infect Apple OS rather than Windows.
Do you know where to find the executables for all of these unwanted applications? I have found some of them but I can’t find all of them, such as Minecraft and Candy Crush. Your workaround above, does not work on the systems that I have tried this on and I’m trying to see if I can go about this another way by finding the .exe files for them.
Thank you!
They have no executables.
They are appx packages, means Store apps.
There’s a DWORD labeled SilentInstalledAppsEnabled in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager btw.
That value was already disabled for me and I’ve still been having Candy Crush soda Saga showing up every few hours anyway. I did however just find a subkey under that called SuggestedApps, which lists C andy Crush among others with a value of 1. I changed them all to zero and we’ll see what happens.
This would be more useful if Applocker was available on Windows 10 PRO, as it’s only available on Enterprise/Education you could just use the old policy setting…….
Isn’t it easier just to uninstall Windows Spotlight app?
Applocker is available in Windows 10 PRO, but blocking Windows Spotlight doesn’t help. Apps are still intalled…
@Mark
Blocking Windows Spotlight is not for uninstalling Apps. You will recognize the effect of blocking Windows Spotlight by adding a new user. New users will not have those suggested apps like Candy Crush Soda Saga or Asphalt 8 in their startmenu. It will not work for existing users.
@Sergey Tkachenko
Blocking Windows Spotlight per secpol.msc works fine, thanks to you.
Trying to block Windows Spotlight per registry does not work (tested with Win 10 Eval x64 Release 1607 and Win 10 Pro x64 Release 1607).
So I took a look at the registry path and noticed that I got a different object-name than you’ve posted before.
Your object-name: {250FEABB-7D5C-4556-8753-B62A66E5858B}
Win10EntEval: {A4F95287-9F08-4E8D-8BD2-28A377DCD876}
Win10Pro: {3D65B7C6-038C-40A1-9ECA-B6AA3D6CC686}
I also got a different FilePuplisherRule ID:
Yours: 32095775-5197-4f30-8cd8-990a7f2be3b7
Win10EntEval: 28b5eca0-f05f-40a2-b690-242c99e5fd4e
Win10Pro: c969e662-c40e-4dd1-9b5b-825589845c4e
Any idea how to generalize the registry file?
I get a not found error when I try to run secpol.msc
Can I do anything about this?
Which edition of Windows 10 do you have ?
Windows 10 home 1607. Ill try the fix above.
The registry patch applied. Now I guess I just wait to see if it works.
Thanks!
Microsoft has no business including other apps and services in Windows update that I do not want. In fact Windows update should include nothing but the operating system updates and security patches. The fact that in the Anniversary update users got apps downloaded again they never wanted is something I would call bloatware not a Windows improvement update. So every time we get a major revision to Windows 10 users will have to uninstall the apps and Microsoft crap we don’t want??
I remember back in the day on Windows 98, Microsoft with Internet Explorer 6 tried to bundle something called “Push” with “Active Desktop” where apps and ads would be pushed without consent to users’ desktops.
It created such a stink it was abandoned by Microsoft. Right around this time the EU court hauled Microsoft into court for anti-trust for bundling its browser (and all this other stuff) into the OS…
Two decades later and we have the same corporate culture at MS… Sad. We are not your advertising guinea pigs Microsoft! Capisce?
ps. I love Windows 10 but detest the silent auto-app and advertising installs and not having the ability to truly disable all telemetry…
This NO LONGER WORKS. Windoews 10 of March, 2017 no longer respects this security policy. Candy crush comes to me every day and I have had this policy in place for weeks.
Probably, this trick should work: Fix: Windows 10 installs apps like Candy Crush Soda Saga automatically
This definitely don’t work on Windows 10 Pro 1703
I think you can apply something mentioned here: How To Disable Ads in Windows 10 (All Of Them)
My version of W10Pro version 1703 build 15063.296 they changed the name ‘Windows Spotlight’ to ‘Microsoft Content’.
To the latest replies saying it doesn’t work: I too found this to be the case. However, I created a separate Local Admin account, logged in with that, did the secpol.msc thing, logged back into my main account (which is also a local account, I am not using a Microsoft account and have not tested that) and Candy Crush hasn’t come back yet. It’s been a month (a full round of updates, basically)
In Windows 10 1803, Spotlight was replaced with “Windows Content” Package is still: Microsoft.Windows.ContentDeliveryManager
Lucky for me I have windows 10 Edu so I was able to create the rule in Local Security Policy.
Why post GDPR is Windows 10 still allowed to do this default? it completely flies in the face of consent since they have to use our data for something we haven’t specifically agreed to do this.